Nach einer Malware attacke lassen sich einige Programme nicht mehr updaten

u-gin · 21.12.2010, 20:40

Hallo!
Habe folgendes Problem,
vor ein paar Tagen war mein rechner mit Malware infiziert, das Problem hab ich wieder gelöst mit "Malewarebytes Anti-Malware".
Jetzt hab ich gemerkt das sich einige Programme nicht mehr updaten lassen (Avira, EA-Downloadmanager, Adobe Flash Player etc.)
es kommen immer fehlermedungen wie"verbindung zum server fehlgeschlagen".
(es wäre evt. noch normal wenn die server überlastet wären, aber nicht bei so vielen programmen.)
mit Firefox und Thunderbird gibt es keine Probleme(lassen sich auch updaten).

ich nütze Windows Vista Home Premium (32bit, SP2)

danke schon mal im vorraus!
MFG
U-GIN

rea · 21.12.2010, 21:29

Hallo u-gin und Willkommen am TB,

wie wärs, wenn du uns die Logs von Malwarebytes zeigst?

Malwarebytes starten -> Reiter Logdateien -> Poste jedes Log aus der Liste einzeln in Codetags

Und erstell zusätzlich auch Logfiles mit OTL und Gmer, dann schauen wir ob nicht doch eventuell noch vorhandene Malware an deinem Problem schuld ist:

Vorweg ein paar Hinweise (Bitte beachten!):

Lies meine Anleitung für dich sorgfältig durch, bevor du beginnst. Führe alle Schritte unbedingt der Reihe nach aus, da manchmal der eine Punkt den anderen voraussetzt.

Wenn dir etwas im Verlauf der Bereinigung unklar ist, frage bitte in deinem Thread nach, bevor du weitermachst - doofe Fragen gibt es nicht.

Lade alle hier angeordneten Programme nur durch die jeweiligen Links herunter! Wenn ein Link nicht funktionieren sollte, melde dich bitte.

Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.

Berichte zu jedem Schritt, ob Du ihn abgearbeitet hast, bzw. ob und welche Probleme dabei aufgetreten sind.

Sollten beim Abarbeiten der Anleitung Probleme auftauchen, bitte vorerst nicht weitermachen, sondern stoppen und das Problem hier im Thread schildern.

Editiere alle persönlichen Daten wie z.B. vollständige Namen realer und privater Personen aus den geforderten Logfiles, bevor du sie postest.

Und falls eine Antwort mal länger dauern wird, freu ich mich auch über einen hinweis

Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung:

1.) Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.) Gmer - Rootkitscan
Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

u-gin · 21.12.2010, 22:55

Malwarebytes' Anti-Malware 1.50
Malwarebytes

Datenbank Version: 5282

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.12.2010 00:14:30
mbam-log-2010-12-10 (00-14-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 248507
Laufzeit: 55 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\eugen\AppData\Local\Temp\igwqnkmplw.exe (Rogue.HDDSCan) -> 2916 -> Unloaded process successfully.
c:\Users\eugen\AppData\Local\Temp\1093457.exe (Rogue.HDDScan) -> 3804 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\eugen\AppData\Local\Temp\qvgbqcmsas.dll (Rogue.HDDScan) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IGwqNKmplw.exe (Rogue.HDDSCan) -> Value: IGwqNKmplw.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1093457 (Rogue.HDDScan) -> Value: 1093457 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\eugen\AppData\Roaming\microsoft\Windows\start menu\Programs\ultra defragger (Rogue.UltraDefragger) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\eugen\AppData\Local\Temp\qvgbqcmsas.dll (Rogue.HDDScan) -> Delete on reboot.
c:\Users\eugen\AppData\Local\Temp\igwqnkmplw.exe (Rogue.HDDSCan) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Local\Temp\1093457.exe (Rogue.HDDScan) -> Delete on reboot.
c:\Users\eugen\AppData\Local\Temp\tmp9FD8.tmp (Rogue.HDDSCan) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Local\Temp\0.11278017058312184.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Roaming\microsoft\Windows\start menu\Programs\ultra defragger\ultra defragger.lnk (Rogue.UltraDefragger) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Roaming\microsoft\Windows\start menu\Programs\ultra defragger\uninstall ultra defragger.lnk (Rogue.UltraDefragger) -> Quarantined and deleted successfully.

das war das letzte

rea · 22.12.2010, 06:24

Okay, dann fehlen jetzt noch OTL und Gmer.

u-gin · 22.12.2010, 19:29

ok hier ist OTLOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.12.2010 19:18:20 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,22 Gb Free Space | 30,15% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 15,52 Gb Free Space | 34,71% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.10 00:26:25 | 012,584,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2009.10.14 14:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.02.01 19:31:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.02.01 19:31:42 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2009.10.14 14:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 15:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.10.14 14:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.02.16 21:13:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.11 17:04:16 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.21 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
[2010.12.08 00:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 19:10:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.22 18:50:29 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 18:48:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 18:48:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 18:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 18:48:46 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 00:17:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.21 19:09:31 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.19 16:22:17 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.19 16:22:17 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.19 16:22:17 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.19 16:22:17 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 22:00:55 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:19:45 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:22 | 000,001,356 | ---- | M] () -- C:\Users\eugen\AppData\Local\d3d9caps.dat
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.20 19:59:12 | 000,001,356 | ---- | C] () -- C:\Users\eugen\AppData\Local\d3d9caps.dat
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.21 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2010.12.22 00:17:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 22.12.2010 19:18:20 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,22 Gb Free Space | 30,15% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 15,52 Gb Free Space | 34,71% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Filzip 3.0.6.93_is1" = Filzip 3.06
"ICQToolbar" = ICQ Toolbar
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winload Toolbar" = Winload Toolbar
"Zattoo4" = Zattoo4 4.0.5
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 06:48:33 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 06:48:33 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 06:48:33 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 08:51:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 08:51:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2010 08:51:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description = 
 
[ System Events ]
Error - 20.12.2010 14:22:53 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.32  registriert werden. Der Computer mit IP-Adresse 192.168.2.33
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 20.12.2010 14:23:32 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.12.2010 14:23:32 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.12.2010 14:08:26 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.32  registriert werden. Der Computer mit IP-Adresse 192.168.2.33
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 21.12.2010 14:09:08 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.12.2010 14:09:08 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.12.2010 13:49:28 | Computer Name = eugen-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.32 für die Netzwerkkarte mit der Netzwerkadresse
 0015AF378B94 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 22.12.2010 13:49:45 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.34  registriert werden. Der Computer mit IP-Adresse 192.168.2.32
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 22.12.2010 13:50:17 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.12.2010 13:50:17 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

das andere kommt gleich

u-gin · 22.12.2010, 20:15

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-22 20:12:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542512K9SA00 rev.BB2OC31P
Running: 5lvc84qm.exe; Driver: C:\Users\eugen\AppData\Local\Temp\pwlcapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwAlpcConnectPort [0x8F0D20A2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwAlpcCreatePort [0x8F0D2972]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwConnectPort [0x8F0D1AF8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreateFile [0x8F0CB0D8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreateKey [0x8F0E9AA6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreatePort [0x8F0D2602]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreateWaitablePort [0x8F0D2760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwDeleteFile [0x8F0CBF9A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwDeleteKey [0x8F0EB4BC]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwDeleteValueKey [0x8F0EADB2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwLoadKey [0x8F0EBE86]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwLoadKey2 [0x8F0EC0C4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwLoadKeyEx [0x8F0EC576]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwOpenFile [0x8F0CBA8C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwRenameKey [0x8F0ED30C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwReplaceKey [0x8F0EC840]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwRequestWaitReplyPort [0x8F0D1690]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwRestoreKey [0x8F0ECF4C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwSetInformationFile [0x8F0CC3A4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwSetSecurityObject [0x8F0ED894]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwSetValueKey [0x8F0EA4D6]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                                      824BD8A0 8 Bytes  [A2, 20, 0D, 8F, 72, 29, 0D, ...]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                      824BD924 4 Bytes  [F8, 1A, 0D, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 1D9                                                                                                      824BD93C 4 Bytes  [D8, B0, 0C, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 1E9                                                                                                      824BD94C 4 Bytes  [A6, 9A, 0E, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 205                                                                                                      824BD968 4 Bytes  [02, 26, 0D, 8F]
.text           ...                                                                                                                                
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                             section is writeable [0x9CB1E300, 0x3ACC8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                             section is writeable [0x9CB64300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAccessCheckByType                                                              77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAlpcImpersonateClientOfPort                                                    77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtImpersonateClientOfPort                                                        779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtSetInformationProcess                                                          77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] kernel32.dll!OpenProcess                                                                   77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowA                                                                     76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowW                                                                     766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!ImpersonateNamedPipeClient                                                    77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!SetThreadToken                                                                77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAccessCheckByType                                                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAlpcImpersonateClientOfPort                                                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtImpersonateClientOfPort                                                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtSetInformationProcess                                                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient                                                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!SetThreadToken                                                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowA                                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowW                                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAccessCheckByType                                                                     77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAlpcImpersonateClientOfPort                                                           77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtImpersonateClientOfPort                                                               779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtSetInformationProcess                                                                 77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] kernel32.dll!OpenProcess                                                                          77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!ImpersonateNamedPipeClient                                                           77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!SetThreadToken                                                                       77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowA                                                                            76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowW                                                                            766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!LdrLoadDll                                                             77959390 5 Bytes  JMP 013A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAccessCheckByType                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAlpcImpersonateClientOfPort                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtImpersonateClientOfPort                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtSetInformationProcess                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!SetUnhandledExceptionFilter                                         77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!OpenProcess                                                         77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!ImpersonateNamedPipeClient                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!SetThreadToken                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!closesocket                                                           761A330C 5 Bytes  JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!recv                                                                  761A343A 5 Bytes  JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASend                                                               761A4496 5 Bytes  JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!send                                                                  761A659B 5 Bytes  JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!sendto                                                                761A67C5 5 Bytes  JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSARecv                                                               761A8400 5 Bytes  JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendDisconnect                                                     761BA3E9 5 Bytes  JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendTo                                                             761BA474 5 Bytes  JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!IsWindowUnicode + 37                                                  766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowA                                                           76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowW                                                           766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAccessCheckByType                                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAlpcImpersonateClientOfPort                                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtImpersonateClientOfPort                                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtSetInformationProcess                                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] kernel32.dll!OpenProcess                                                                         77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!SetThreadToken                                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowA                                                                           76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowW                                                                           766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAccessCheckByType                                                               77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAlpcImpersonateClientOfPort                                                     77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtImpersonateClientOfPort                                                         779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtSetInformationProcess                                                           77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient                                                     77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!SetThreadToken                                                                 77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAccessCheckByType                                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAlpcImpersonateClientOfPort                                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtImpersonateClientOfPort                                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtSetInformationProcess                                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!ImpersonateNamedPipeClient                                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!SetThreadToken                                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAccessCheckByType                                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAlpcImpersonateClientOfPort                                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtImpersonateClientOfPort                                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtSetInformationProcess                                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!ImpersonateNamedPipeClient                                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!SetThreadToken                                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAccessCheckByType                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAlpcImpersonateClientOfPort                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtImpersonateClientOfPort                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtSetInformationProcess                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] kernel32.dll!OpenProcess                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowA                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowW                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!ImpersonateNamedPipeClient                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!SetThreadToken                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAccessCheckByType                                                       77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAlpcImpersonateClientOfPort                                             77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtImpersonateClientOfPort                                                 779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtSetInformationProcess                                                   77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] kernel32.dll!OpenProcess                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient                                             77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!SetThreadToken                                                         77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowA                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowW                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAccessCheckByType                                                         77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAlpcImpersonateClientOfPort                                               77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtImpersonateClientOfPort                                                   779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtSetInformationProcess                                                     77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!ImpersonateNamedPipeClient                                               77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!SetThreadToken                                                           77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] kernel32.dll!OpenProcess                                                 77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] USER32.dll!IsWindowUnicode + 37                                          766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAccessCheckByType                                           77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAlpcImpersonateClientOfPort                                 77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtImpersonateClientOfPort                                     779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtSetInformationProcess                                       77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] kernel32.dll!OpenProcess                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!ImpersonateNamedPipeClient                                 77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!SetThreadToken                                             77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowA                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowW                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] kernel32.dll!OpenProcess                                                               77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowA                                                                 76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowW                                                                 766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAccessCheckByType                                             77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAlpcImpersonateClientOfPort                                   77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtImpersonateClientOfPort                                       779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtSetInformationProcess                                         77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!ImpersonateNamedPipeClient                                   77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!SetThreadToken                                               77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] kernel32.dll!OpenProcess                                                               77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowA                                                                 76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowW                                                                 766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAccessCheckByType                                                         77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAlpcImpersonateClientOfPort                                               77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtImpersonateClientOfPort                                                   779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtSetInformationProcess                                                     77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!ImpersonateNamedPipeClient                                               77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!SetThreadToken                                                           77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAccessCheckByType                                                           77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtImpersonateClientOfPort                                                     779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtSetInformationProcess                                                       77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] kernel32.dll!OpenProcess                                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowA                                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowW                                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!SetThreadToken                                                             77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] kernel32.dll!OpenProcess                                                             77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowA                                                               76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowW                                                               766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAccessCheckByType                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAlpcImpersonateClientOfPort                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtImpersonateClientOfPort                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtSetInformationProcess                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!SetUnhandledExceptionFilter                             77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!OpenProcess                                             77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!ImpersonateNamedPipeClient                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!SetThreadToken                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAccessCheckByType                                             77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAlpcImpersonateClientOfPort                                   77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtImpersonateClientOfPort                                       779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtSetInformationProcess                                         77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!ImpersonateNamedPipeClient                                   77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!SetThreadToken                                               77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] kernel32.dll!OpenProcess                                                               77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowA                                                                 76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowW                                                                 766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtAccessCheckByType                                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtAlpcImpersonateClientOfPort                                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtImpersonateClientOfPort                                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtSetInformationProcess                                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] kernel32.dll!OpenProcess                                                                             77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ADVAPI32.dll!ImpersonateNamedPipeClient                                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ADVAPI32.dll!SetThreadToken                                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] USER32.dll!FindWindowA                                                                               76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] USER32.dll!FindWindowW                                                                               766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAccessCheckByType                                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAlpcImpersonateClientOfPort                                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtImpersonateClientOfPort                                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtSetInformationProcess                                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] kernel32.dll!OpenProcess                                                                 77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowA                                                                   76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowW                                                                   766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!ImpersonateNamedPipeClient                                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!SetThreadToken                                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Apoint2K\Apvfb.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                             [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[536] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\services.exe[668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\lsass.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\lsm.exe[752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                    [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Mozilla Firefox\firefox.exe[912] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[1024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\ehome\ehmsas.exe[1092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                   [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\Ati2evxx.exe[1124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[1144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1240] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1420] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\spoolsv.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\SearchIndexer.exe[2144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                         [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\wbem\wmiprvse.exe[2524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                         [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Apoint2K\Apntex.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                       [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]       [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\taskeng.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Apoint2K\HidFind.exe[3560] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                         [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\explorer.exe[4568] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                       [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Users\eugen\Desktop\5lvc84qm.exe[5700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                           [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                             AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                                                        
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)                                    
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex                                                                     1

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                                                 0 bytes
File            C:\ADSM_PData_0150\DB                                                                                                              0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                                        624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                                         512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                                                    253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                                            512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                                        0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                              27504 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                                   512 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

so und nun abwarten

u-gin · 22.12.2010, 20:15

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-22 20:12:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542512K9SA00 rev.BB2OC31P
Running: 5lvc84qm.exe; Driver: C:\Users\eugen\AppData\Local\Temp\pwlcapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwAlpcConnectPort [0x8F0D20A2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwAlpcCreatePort [0x8F0D2972]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwConnectPort [0x8F0D1AF8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreateFile [0x8F0CB0D8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreateKey [0x8F0E9AA6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreatePort [0x8F0D2602]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwCreateWaitablePort [0x8F0D2760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwDeleteFile [0x8F0CBF9A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwDeleteKey [0x8F0EB4BC]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwDeleteValueKey [0x8F0EADB2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwLoadKey [0x8F0EBE86]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwLoadKey2 [0x8F0EC0C4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwLoadKeyEx [0x8F0EC576]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwOpenFile [0x8F0CBA8C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwRenameKey [0x8F0ED30C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwReplaceKey [0x8F0EC840]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwRequestWaitReplyPort [0x8F0D1690]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwRestoreKey [0x8F0ECF4C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwSetInformationFile [0x8F0CC3A4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwSetSecurityObject [0x8F0ED894]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                     ZwSetValueKey [0x8F0EA4D6]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                                      824BD8A0 8 Bytes  [A2, 20, 0D, 8F, 72, 29, 0D, ...]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                      824BD924 4 Bytes  [F8, 1A, 0D, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 1D9                                                                                                      824BD93C 4 Bytes  [D8, B0, 0C, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 1E9                                                                                                      824BD94C 4 Bytes  [A6, 9A, 0E, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 205                                                                                                      824BD968 4 Bytes  [02, 26, 0D, 8F]
.text           ...                                                                                                                                
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                             section is writeable [0x9CB1E300, 0x3ACC8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                             section is writeable [0x9CB64300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAccessCheckByType                                                              77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAlpcImpersonateClientOfPort                                                    77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtImpersonateClientOfPort                                                        779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtSetInformationProcess                                                          77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] kernel32.dll!OpenProcess                                                                   77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowA                                                                     76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowW                                                                     766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!ImpersonateNamedPipeClient                                                    77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!SetThreadToken                                                                77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[668] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAccessCheckByType                                                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAlpcImpersonateClientOfPort                                                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtImpersonateClientOfPort                                                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ntdll.dll!NtSetInformationProcess                                                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient                                                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!SetThreadToken                                                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowA                                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowW                                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAccessCheckByType                                                                     77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAlpcImpersonateClientOfPort                                                           77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtImpersonateClientOfPort                                                               779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtSetInformationProcess                                                                 77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] kernel32.dll!OpenProcess                                                                          77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!ImpersonateNamedPipeClient                                                           77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!SetThreadToken                                                                       77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowA                                                                            76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowW                                                                            766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!LdrLoadDll                                                             77959390 5 Bytes  JMP 013A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAccessCheckByType                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAlpcImpersonateClientOfPort                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtImpersonateClientOfPort                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtSetInformationProcess                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!SetUnhandledExceptionFilter                                         77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!OpenProcess                                                         77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!ImpersonateNamedPipeClient                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!SetThreadToken                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!closesocket                                                           761A330C 5 Bytes  JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!recv                                                                  761A343A 5 Bytes  JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASend                                                               761A4496 5 Bytes  JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!send                                                                  761A659B 5 Bytes  JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!sendto                                                                761A67C5 5 Bytes  JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSARecv                                                               761A8400 5 Bytes  JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendDisconnect                                                     761BA3E9 5 Bytes  JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendTo                                                             761BA474 5 Bytes  JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!IsWindowUnicode + 37                                                  766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowA                                                           76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowW                                                           766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAccessCheckByType                                                                 77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort                                                           779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ntdll.dll!NtSetInformationProcess                                                             77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!SetThreadToken                                                                   77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAccessCheckByType                                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAlpcImpersonateClientOfPort                                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtImpersonateClientOfPort                                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtSetInformationProcess                                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] kernel32.dll!OpenProcess                                                                         77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!SetThreadToken                                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowA                                                                           76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowW                                                                           766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAccessCheckByType                                                               77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAlpcImpersonateClientOfPort                                                     77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtImpersonateClientOfPort                                                         779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtSetInformationProcess                                                           77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient                                                     77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!SetThreadToken                                                                 77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAccessCheckByType                                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAlpcImpersonateClientOfPort                                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtImpersonateClientOfPort                                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtSetInformationProcess                                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!ImpersonateNamedPipeClient                                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!SetThreadToken                                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAccessCheckByType                                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAlpcImpersonateClientOfPort                                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtImpersonateClientOfPort                                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtSetInformationProcess                                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!ImpersonateNamedPipeClient                                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!SetThreadToken                                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAccessCheckByType                                   77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAlpcImpersonateClientOfPort                         77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtImpersonateClientOfPort                             779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtSetInformationProcess                               77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] kernel32.dll!OpenProcess                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowA                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowW                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!ImpersonateNamedPipeClient                         77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!SetThreadToken                                     77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAccessCheckByType                                                       77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAlpcImpersonateClientOfPort                                             77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtImpersonateClientOfPort                                                 779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtSetInformationProcess                                                   77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] kernel32.dll!OpenProcess                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient                                             77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!SetThreadToken                                                         77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowA                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowW                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAccessCheckByType                                                         77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAlpcImpersonateClientOfPort                                               77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtImpersonateClientOfPort                                                   779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtSetInformationProcess                                                     77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!ImpersonateNamedPipeClient                                               77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!SetThreadToken                                                           77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] kernel32.dll!OpenProcess                                                 77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] USER32.dll!IsWindowUnicode + 37                                          766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAccessCheckByType                                           77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAlpcImpersonateClientOfPort                                 77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtImpersonateClientOfPort                                     779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtSetInformationProcess                                       77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] kernel32.dll!OpenProcess                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!ImpersonateNamedPipeClient                                 77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!SetThreadToken                                             77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowA                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowW                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] kernel32.dll!OpenProcess                                                               77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowA                                                                 76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowW                                                                 766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAccessCheckByType                                             77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAlpcImpersonateClientOfPort                                   77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtImpersonateClientOfPort                                       779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtSetInformationProcess                                         77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!ImpersonateNamedPipeClient                                   77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!SetThreadToken                                               77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] kernel32.dll!OpenProcess                                                               77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowA                                                                 76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowW                                                                 766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAccessCheckByType                                                         77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAlpcImpersonateClientOfPort                                               77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtImpersonateClientOfPort                                                   779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtSetInformationProcess                                                     77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!ImpersonateNamedPipeClient                                               77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!SetThreadToken                                                           77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAccessCheckByType                                                           77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtImpersonateClientOfPort                                                     779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtSetInformationProcess                                                       77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] kernel32.dll!OpenProcess                                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowA                                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowW                                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!SetThreadToken                                                             77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] kernel32.dll!OpenProcess                                                             77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowA                                                               76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowW                                                               766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAccessCheckByType                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAlpcImpersonateClientOfPort                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtImpersonateClientOfPort                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtSetInformationProcess                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!SetUnhandledExceptionFilter                             77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!OpenProcess                                             77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!ImpersonateNamedPipeClient                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!SetThreadToken                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] kernel32.dll!OpenProcess                                                                     77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowA                                                                       76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowW                                                                       766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAccessCheckByType                                             77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAlpcImpersonateClientOfPort                                   77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtImpersonateClientOfPort                                       779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtSetInformationProcess                                         77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!ImpersonateNamedPipeClient                                   77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!SetThreadToken                                               77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] kernel32.dll!OpenProcess                                                               77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowA                                                                 76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowW                                                                 766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtAccessCheckByType                                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtAlpcImpersonateClientOfPort                                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtImpersonateClientOfPort                                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ntdll.dll!NtSetInformationProcess                                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] kernel32.dll!OpenProcess                                                                             77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ADVAPI32.dll!ImpersonateNamedPipeClient                                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] ADVAPI32.dll!SetThreadToken                                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] USER32.dll!FindWindowA                                                                               76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\explorer.exe[4568] USER32.dll!FindWindowW                                                                               766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAccessCheckByType                                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAlpcImpersonateClientOfPort                                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtImpersonateClientOfPort                                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtSetInformationProcess                                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] kernel32.dll!OpenProcess                                                                 77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowA                                                                   76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowW                                                                   766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!ImpersonateNamedPipeClient                                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!SetThreadToken                                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Apoint2K\Apvfb.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                             [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[536] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\services.exe[668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\lsass.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\lsm.exe[752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                    [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Mozilla Firefox\firefox.exe[912] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[1024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\ehome\ehmsas.exe[1092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                   [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\Ati2evxx.exe[1124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[1144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1240] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1420] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\spoolsv.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\SearchIndexer.exe[2144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                         [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\wbem\wmiprvse.exe[2524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                         [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Apoint2K\Apntex.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                       [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]       [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\taskeng.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Apoint2K\HidFind.exe[3560] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                         [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\explorer.exe[4568] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                       [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Users\eugen\Desktop\5lvc84qm.exe[5700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                           [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                             AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                                                        
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)                                    
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex                                                                     1

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                                                 0 bytes
File            C:\ADSM_PData_0150\DB                                                                                                              0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                                        624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                                         512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                                                    253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                                            512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                                        0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                              27504 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                                   512 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

so und nun abwarten

rea · 22.12.2010, 23:23

Beim normalen Surfen mit den Browsern geht alles normal, es gibt nur Updateprobleme?
Nutzt du einen Proxy?

1.) Deinstallation von Software

-> Start
-> Systemsteuerung
-> Programme und Funktionen
-> Programm deinstallieren

Wähle nun jeweils eine Software aus:

Code:

ATTFilter

Google Update Helper
ICQ Toolbar
Winload Toolbar
ZoneAlarm Toolbar

-> ändern/entfernen und deinstallieren.

Deinstalliere bitte jede Software aus dieser Liste, die vorhanden ist.

2.) Fixen mit OTL

Starte bitte die OTL.exe.
Vista-&Win7-User mit Rechtsklick "als Administrator starten"

Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2010.12.21 19:09:31 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.09 21:25:22 | 000,001,356 | ---- | M] () -- C:\Users\eugen\AppData\Local\d3d9caps.dat
:Commands
[PURITY]
[EMPTYTEMP]
[CREATERESTOREPOINT]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Erstelle zuletzt dann zwei neue Logfiles mit OTL und poste sie mir hier.

u-gin · 22.12.2010, 23:31

kann ich das auch morgen tun?
bin sehr müde und wollte jetzt in bett

rea · 23.12.2010, 19:33

Klaro, bloss keine Hektik

u-gin · 25.12.2010, 16:47

Hey und Frohe Weihnachten!

hier ist der "Fix Log"?
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Users\eugen\AppData\Local\d3d9caps.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eugen
->Temp folder emptied: 96624998 bytes
->Temporary Internet Files folder emptied: 610532 bytes
->Java cache emptied: 2535770 bytes
->FireFox cache emptied: 81646395 bytes
->Flash cache emptied: 33305 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2180540 bytes
RecycleBin emptied: 731871537 bytes

Total Files Cleaned = 873,00 mb

OTL by OldTimer - Version 3.2.18.0 log created on 12252010_164058

Files\Folders moved on Reboot...
C:\Users\eugen\AppData\Local\Temp\~DFB61B.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT0202e.TMP not found!

Registry entries deleted on Reboot...

u-gin · 25.12.2010, 16:58

so und das ist der scan log:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.12.2010 16:50:53 - Run 3
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 21,20 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 16,20 Gb Free Space | 36,23% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 0,15 Gb Free Space | 7,77% Space Free | Partition Type: FAT
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 15:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.11 17:04:16 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.25 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
[2010.12.08 00:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.25 16:51:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.25 16:51:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.25 16:51:35 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.25 16:51:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.25 16:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.25 16:45:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.25 16:45:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.25 16:45:29 | 2144,595,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 16:44:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.25 16:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 22:00:55 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:19:45 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.25 16:46:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2144,595,968 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.21 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2010.12.25 16:44:36 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

u-gin · 25.12.2010, 16:58

so und das ist der scan log:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.12.2010 16:50:53 - Run 3
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 21,20 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 16,20 Gb Free Space | 36,23% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 0,15 Gb Free Space | 7,77% Space Free | Partition Type: FAT
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 15:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.11 17:04:16 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.25 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
[2010.12.08 00:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.25 16:51:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.25 16:51:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.25 16:51:35 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.25 16:51:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.25 16:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.25 16:45:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.25 16:45:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.25 16:45:29 | 2144,595,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 16:44:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.25 16:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 22:00:55 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:19:45 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.25 16:46:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2144,595,968 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.21 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2010.12.25 16:44:36 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

rea · 25.12.2010, 17:53

Dir auch frohe Weihnachten

Du musst noch meine Fragen beantworten:

Zitat:

Beim normalen Surfen mit den Browsern geht alles normal, es gibt nur Updateprobleme?
Nutzt du einen Proxy?

Und du hast wohl ausversehen zweimal dasselbe OTL-Logfile (vom Systemscan) gepostet, es fehlt mir noch die Extras.txt.

u-gin · 25.12.2010, 17:58

beim surfen gibt es keine probleme, kann sogar meine e-mails per Thunderbird
abrufen und beantworten.
ich weiss nicht mal so richtig was Proxy ist und wofür es gut sein soll.

es hat beim scannen nur dies eine dokument gegeben.

22.12.2010, 06:24	#4
rea /// Helfer-Team	Nach einer Malware attacke lassen sich einige Programme nicht mehr updaten Okay, dann fehlen jetzt noch OTL und Gmer. __________________ mfg, rea Auch du brauchst Hilfe bei einem Malwareproblem? TB-Spendenkonto Hier könnte ein schlauer Spruch stehen. Naja .... könnte!

23.12.2010, 19:33	#10
rea /// Helfer-Team	Nach einer Malware attacke lassen sich einige Programme nicht mehr updaten Klaro, bloss keine Hektik __________________ mfg, rea Auch du brauchst Hilfe bei einem Malwareproblem? TB-Spendenkonto Hier könnte ein schlauer Spruch stehen. Naja .... könnte!

Nach einer Malware attacke lassen sich einige Programme nicht mehr updaten

Plagegeister aller Art und deren Bekämpfung: Nach einer Malware attacke lassen sich einige Programme nicht mehr updaten